cert-manager: secret "cert-manager-webhook-webhook-tls" not found
Bugs should be filed for issues encountered whilst operating cert-manager. You should first attempt to resolve your issues through the community support channels, e.g. Slack, in order to rule out individual configuration errors. Please provide as much detail as possible.
Describe the bug:
- use helm install jetstack/cert-manager
- webhook fails to start: MountVolume.SetUp failed for volume "certs" : secret "cert-manager-webhook-webhook-tls" not found
cert-manager doesn't work, can't apply clusterissuers, can't issue certs, nothing cert-manager related seems to be functioning properly
Expected behaviour: functioning properly
Steps to reproduce the bug: Steps to reproduce the bug should be clear and easily reproducible to help people gain an understanding of the problem.
Anything else we need to know?:
Environment details:
- Kubernetes version: 1.14.1
- Cloud-provider/provisioner: bare-metal/kubespray
- cert-manager version: helm repo update, 0.8.0?
- Install method: helm
/kind bug
user@laptop:~$ kubectl --context=dev3 -n kube-system get pod | grep cert-manager
cert-manager-6b7c647548-cgrfj              1/1   Running             0   10m
cert-manager-cainjector-6bbbd87b97-vjrlc   1/1   Running             0   10m
cert-manager-webhook-5bdc99c85d-r462t      0/1   ContainerCreating   0   10m
user@laptop:~$ kubectl --context=dev3 -n kube-system describe pod cert-manager-webhook-5bdc99c85d-r462t
Name:               cert-manager-webhook-5bdc99c85d-r462t
Namespace:          kube-system
Priority:           0
PriorityClassName:  <none>
Node:               node-6qjgv/10.10.23.251
Start Time:         Tue, 28 May 2019 16:11:33 +0200
Labels:             app=webhook
                    pod-template-hash=5bdc99c85d
                    release=cert-manager
Annotations:        <none>
Status:             Pending
IP:
Controlled By:      ReplicaSet/cert-manager-webhook-5bdc99c85d
Containers:
  webhook:
    Container ID:
    Image:         quay.io/jetstack/cert-manager-webhook:v0.8.0
    Image ID:
    Port:          <none>
    Host Port:     <none>
    Args:
      --v=2
      --secure-port=6443
      --tls-cert-file=/certs/tls.crt
      --tls-private-key-file=/certs/tls.key
    State:          Waiting
      Reason:       ContainerCreating
    Ready:          False
    Restart Count:  0
    Environment:
      POD_NAMESPACE:  kube-system (v1:metadata.namespace)
    Mounts:
      /certs from certs (rw)
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-blf9p (ro)
Conditions:
  Type              Status
  Initialized       True
  Ready             False
  ContainersReady   False
  PodScheduled      True
Volumes:
  certs:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  cert-manager-webhook-webhook-tls
    Optional:    false
  default-token-blf9p:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  default-token-blf9p
    Optional:    false
QoS Class:       BestEffort
Node-Selectors:  <none>
Tolerations:     node.kubernetes.io/not-ready:NoExecute for 300s
                 node.kubernetes.io/unreachable:NoExecute for 300s
Events:
  Type     Reason       Age                   From                 Message
  ----     ------       ----                  ----                 -------
  Normal   Scheduled    10m                   default-scheduler    Successfully assigned kube-system/cert-manager-webhook-5bdc99c85d-r462t to node-6qjgv
  Warning  FailedMount  108s (x4 over 8m39s)  kubelet, node-6qjgv  Unable to mount volumes for pod "cert-manager-webhook-5bdc99c85d-r462t_kube-system(7f21058b-8152-11e9-9a03-525400aaece4)": timeout expired waiting for volumes to attach or mount for pod "kube-system"/"cert-manager-webhook-5bdc99c85d-r462t". list of unmounted volumes=[certs]. list of unattached volumes=[certs default-token-blf9p]
  Warning  FailedMount  26s (x13 over 10m)    kubelet, node-6qjgv  MountVolume.SetUp failed for volume "certs" : secret "cert-manager-webhook-webhook-tls" not found
user@laptop:~$ kubectl --context=dev3 -n kube-system get secret --all-namespaces | grep cert-manager-webhook-webhook-tls
user@laptop:~$
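The pod in the report above is stuck because a required (Optional: false) Secret volume names a Secret that does not exist. As an added example (not part of the original issue and not cert-manager code), this check lists every required Secret reference in a pod spec that is absent from the namespace; it goes beyond the volume case on this page to cover projected volumes and environment references. The pod JSON and the set of present secrets are constructed samples.

```python
import json

# Constructed sample: trimmed `kubectl get pod -o json` output mirroring the
# webhook pod in this report (volume and secret names taken from the page).
POD_JSON = """
{
  "metadata": {"name": "cert-manager-webhook-5bdc99c85d-r462t", "namespace": "kube-system"},
  "spec": {
    "containers": [{"name": "webhook",
                    "volumeMounts": [{"name": "certs", "mountPath": "/certs"}]}],
    "volumes": [
      {"name": "certs", "secret": {"secretName": "cert-manager-webhook-webhook-tls"}},
      {"name": "default-token-blf9p", "secret": {"secretName": "default-token-blf9p"}}
    ]
  }
}
"""

def secret_refs(pod):
    """Yield (where, secret_name, optional) for every Secret the pod spec references."""
    spec = pod.get("spec", {})
    for vol in spec.get("volumes", []):
        if "secret" in vol:
            s = vol["secret"]
            yield f"volume/{vol['name']}", s["secretName"], s.get("optional", False)
        for src in vol.get("projected", {}).get("sources", []):
            if "secret" in src:
                yield f"volume/{vol['name']}", src["secret"]["name"], src["secret"].get("optional", False)
    for c in spec.get("initContainers", []) + spec.get("containers", []):
        for env in c.get("env", []):
            ref = env.get("valueFrom", {}).get("secretKeyRef")
            if ref:
                yield f"env/{c['name']}/{env['name']}", ref["name"], ref.get("optional", False)
        for src in c.get("envFrom", []):
            ref = src.get("secretRef")
            if ref:
                yield f"envFrom/{c['name']}", ref["name"], ref.get("optional", False)

def blocking_secrets(pod, existing):
    """Return required secret references that are absent from `existing`."""
    return [(where, name) for where, name, optional in secret_refs(pod)
            if not optional and name not in existing]

if __name__ == "__main__":
    pod = json.loads(POD_JSON)
    # Constructed: names that `kubectl -n kube-system get secret -o name` would list.
    present = {"default-token-blf9p"}
    for where, name in blocking_secrets(pod, present):
        print(f"{where}: required secret {name!r} not found")
```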
About this issue
- State: closed
- Created 5 years ago
- Reactions: 16
- Comments: 30 (2 by maintainers)
I am having the same issue with v0.11.0 on a fresh cluster. Please reopen the issue.
I had the same trouble with secret “cert-manager-webhook-webhook-tls” not found.
My cert-manager was deployed from a manifest, so I did the update with this command:
What helped me was just applying the new manifest twice. After this, the cert-manager-webhook pod started as expected.
kubectl --context=<some other cluster> -n kube-system get secret cert-manager-webhook-webhook-tls -oyaml | kubectl --context=dev3 -n kube-system apply -f -
Copying the secret from another cluster seemed to fix it.
Hi there, I received this exact error and upon pod description received this information: Warning FailedMount <invalid> (x8 over <invalid>) kubelet, gke-test-cluster-default-pool-fea900f5-sk7r MountVolume.SetUp failed for volume “certs” : secret “cert-manager-webhook-tls” not found
After two minutes the pod was still displaying the error; however, after ten minutes the pod was working perfectly fine. Really strange.
I don’t know why cert-manager suddenly didn’t work. I got help on the site (https://cert-manager.io/docs/tutorials/acme/ingress/) and solved it.
I’ve created a separate issue, #2484, because I guess it is worth it.
The solution by @DeamonMV shows that version 0.8.0 has some bug, since version 0.8.1 modifies the namespace to cert-manager (instead of default).